Tuesday, November 8, 2011

The Importance of a Strong Password

I wanted to write a blog explaining the importance of a strong password for online and offline use.  With the growth of technology and the ability to save your entire personal and financial history on your computer and online accounts, it is important to secure your information from unwanted predators.  A hacker guessing a victim’s password is the way that most information is stolen.  So stay away from passwords built from the names of friends and family, birthdays, and social security numbers.

Hackers use applications that run dictionary and brute force attacks against your account to gain access to your information.  A dictionary attack checks to see if your password is a word that is in the dictionary.  A brute force attack tries every combination of a predefined set of characters.  If the attacker knows your password is all numbers, they can input 0-9 into their program and it will gain access to your account within a minute.

I am going to provide some information about how quickly an attacker can hack an account.  The following examples are for a user who uses 7 characters in their password.  If a user created a password and ONLY used numbers as characters, it would take an attacker less than 1 minute to gain access.  If a user created a password and ONLY used either lower case letters or ONLY used upper case letters as characters, it would take an attacker about 13 minutes to gain access.  If a user created a password and used a combination of lower and upper case letters as characters, it would take an attacker about 28 ½ hours to gain access.  If a user created a password and used a combination of lower case letters, upper case letters, and numbers as characters, it would take an attacker about 4 days to gain access.  If a user created a password and used a combination of lower case letters, upper case letters, numbers, and symbols as characters, it would take an attacker about 87 days to gain access.

This makes a huge difference in whether an attacker will be persistent enough to hijack your information.  We can take this example even further and add one more character to a combination of lower case letters, upper case letters, numbers, and symbols, and it would take an attacker about 23 years to gain access.  So please make sure to have strong passwords and change them every 90 days.  Don’t become a victim.
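The times quoted above come from dividing the number of possible passwords by the attacker's guess rate. The estimator below is an added example, not part of the original post; it assumes 10 million guesses per second and a 34-symbol set (both chosen because they reproduce the post's figures) and uses a small constructed wordlist for the dictionary check.

```python
import string

# Assumption: 10 million guesses per second, chosen because it matches the post's figures.
GUESSES_PER_SECOND = 10_000_000
# Assumption: 34 symbols, so digits + lower + upper + symbols = 96 characters.
SYMBOL_COUNT = 34
# Constructed sample wordlist; a real dictionary attack uses millions of entries.
SAMPLE_WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein"}

def alphabet_size(password):
    """Size of the character set a brute force tool must cover for this password."""
    size = 0
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += SYMBOL_COUNT
    return size

def worst_case_seconds(password):
    """Seconds to try every combination: alphabet_size ** length / guess rate."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def assess(password):
    """Dictionary words fall at once; everything else gets the brute force estimate."""
    if password.lower() in SAMPLE_WORDLIST:
        return "in wordlist: found almost immediately"
    return humanize(worst_case_seconds(password))

if __name__ == "__main__":
    # Constructed sample passwords, one per case in the post.
    for pw in ("4815162", "qwfpgjl", "qWfPgJl", "qW3pG7l", "qW3p!7l", "qW3p!7l#", "welcome"):
        print(f"{pw:10} {assess(pw)}")
```

The last sample shows why length and character variety do not help a password that is itself a dictionary word.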


Reference
image url: http://dukecomputer.com/blog/2010/08/4-password-dos-and-donts/

Wednesday, November 2, 2011

IT Education

For anyone interested in IT or the latest trends in computers and networks, there are several free options that should be explored to strengthen your knowledge and skills.  The SANS Institute and Google Code University are solid resources for anyone who works in the IT field.

Sign up for a free account on SANS Institute and they will send free web seminars via email. They also provide live courses that are very helpful in strengthening your knowledge, which can help in your career path (Security, Developer, Forensics, Management, Audit, and Legal).

Google Code University provides free training which includes Programming Languages, Web Programming, Web Security, Algorithms, Android, Distributed Systems, Tools 101, and Google APIs and Tools.

Reference
SANS Institute: http://www.sans.org/
Google Code University: http://code.google.com/edu/

Saturday, September 10, 2011

Phishing Scams Target 9/11 (10 year anniversary)

Be aware of cyber criminals and do not fall for email phishing scams.  It is important to be wary of all emails from unknown users and to check where they originate from before clicking on their contents.  By opening an attachment or clicking a malicious website link, you could infect your computer and/or become a carrier that infects other people's computers.  Also, donating money to a fictitious website is NEVER a good thing.  So if you want to donate, it is a good idea to manually navigate to the charity of your choice.  This will help prevent you from being victimized by these cyber bullies!  Be alert and do not be a victim of this scam!






Additional information on these attacks:   
http://it.cc.stonybrook.edu/news/2366


More information on Email Scams:
http://www.tech-faq.com/email-scams.html

Thursday, August 11, 2011

Blocking websites on ALL Browsers

I received a text message today from a family member asking me, “What is the best way to block a website?”  It seems an employee at her office is spending too much time on Facebook and it is affecting her productivity at work. So to help her address this issue I am going to provide a method to block specific websites on all internet browsers. Hopefully the information will come in handy for others too.
There are many reasons why someone may block a website.  Parents may want to prevent their children from roaming the internet and block content they consider unsuitable.  It may also be used to restrict access to chat rooms, online games, and pornographic sites.  Companies block websites in an attempt to avoid the many distractions the internet has to offer.
The application I recommend to block websites on all internet browsers is called Any Weblock.  Any Weblock is a very simple application to use and will prevent a website and all of its subdomains from being accessed.  This application lets you block websites without the tedious work of creating a blacklist for each individual browser.  After installing the program, you will be asked to create a password.  Make sure not to forget this password, as it is needed to modify the list of blocked websites.  Then add your blocked sites by clicking Add.  After you have added the blocked websites, you must click Apply Changes.  And that’s it.  When trying to access a blocked website, you will receive an unable to connect error message in the browser.


Reference
1.) 11 Jan. 2011. “Block Websites On All Browser in Windows.” Tekzilla. <http://revision3.com/tzdaily/2011-01-11anyweblock>
2.) “Any Weblocker - the blocker.” AnyUtils. <http://www.anyutils.com/anyweblock.php>

Wednesday, July 13, 2011

Mobile Security Threats

Now that users can take their work on the go, business email and documents can be accessed from a mobile phone, PDA, or tablet.  It is productive to be able to bring work home with you and keep up to date on all of your emails and documents.  With such easy access to business information, attackers are moving towards attacking mobile devices, which do not have security features as strong as those of a home or corporate network, such as firewalls and antivirus.  The first cell phone virus, called Cabir.A, appeared in 2004 and spread through Bluetooth.  The virus did not carry out any malicious activity, but was created to prove that it was possible to gain access to the phone and its contents.  By the end of 2005, Fontal.A was developed to lock up phones in startup mode and completely disable the phone.  Fontal.A spread through internet download.

A cell phone virus is almost identical to a computer virus.  A virus infects the local device and attempts to copy itself to other devices.  The virus copies itself by using internet downloads, Multimedia Messaging Service (MMS) attachments and Bluetooth transfers.  The infected files are hidden on the device as games, security patches, or other add-ons.  These viruses can copy address books, copy saved passwords, or log all internet traffic.  This is extremely dangerous as many people view confidential documents, emails, or visit bank websites on their mobile devices.

Another mobile attack is called smishing.  Smishing is like the traditional phishing attack, but instead of using emails it uses Short Messaging Service (SMS), also known as a standard text message.  These messages pretend to come from a bank or to be affiliated with a lottery sweepstakes, asking the customer to contact them about a pressing issue or reward.  The victims are often asked to call a toll-free number and provide information such as account details and passwords to a fake automated system.  This information can then be used to perform some type of fraud.

There are ways you can protect yourself against these types of attacks.  It is important not to accept every available Wi-Fi network connection, as it can be dangerous if an attacker is staging an attack against all users on the network.  You should only connect to a Wi-Fi connection if you know the network is secure.  Avoid mobile applications that broadcast your physical location.  This may leak information to an attacker that can be used to stage different types of attacks at a later time.  Disable the auto-discover and listening functionality of Bluetooth on your mobile device.  Only turn this feature on when connecting a new device.  Then turn it off.  And finally, do not respond to text messages that ask for financial or personal information.  The lottery also does not send text messages to "potential" winners.  If you have any doubts about how credible the message is, follow your gut.  Think before you act.  Do not just click any link or download any application without first thinking, is it safe and secure?

Reference
1.) 21 Mar. 2011. “BBB: Bureau warns against cell phone smishing.” OA Online. <http://www.oaoa.com/articles/phone-62196-cell-new.html>

2.) Layton, Julia. “How Cell-phone Viruses Work.” How Stuff Works. <http://electronics.howstuffworks.com/cell-phone-virus1.htm/printable>